aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dcerpc: visibility and naming cleanups

Browse Source 
- replace rs_ prefixed names with SC
- remove no_mangle and pub where not needed
- remove some unused functions

Related to ticket: #7498
pull/12693/head
Jason Ish 5 months ago committed by Victor Julien
parent f0116c3a6b
commit c726d67bb0
11 changed files with 82 additions and 128 deletions
Show Stats Download Patch File Download Diff File

99
rust/src/dcerpc/dcerpc.rs
Unescape Escape View File

@ -324,10 +324,10 @@ pub struct DCERPCState {
pub pad: u8,
pub padleft: u16,
pub tx_id: u64,
pub ts_gap: bool,
pub tc_gap: bool,
pub ts_ssn_gap: bool,
pub tc_ssn_gap: bool,
ts_gap: bool,
tc_gap: bool,
ts_ssn_gap: bool,
tc_ssn_gap: bool,
pub flow: Option<*const Flow>,
state_data: AppLayerStateData,
}
@ -516,21 +516,7 @@ impl DCERPCState {
None
}
pub fn parse_data_gap(&mut self, direction: Direction) -> AppLayerResult {
match direction {
Direction::ToServer => {
self.ts_gap = true;
self.ts_ssn_gap = true;
},
Direction::ToClient => {
self.tc_gap = true;
self.tc_ssn_gap = true;
},
}
AppLayerResult::ok()
}
pub fn post_gap_housekeeping(&mut self, dir: Direction) {
fn post_gap_housekeeping(&mut self, dir: Direction) {
SCLogDebug!("ts ssn gap: {:?}, tc ssn gap: {:?}, dir: {:?}", self.ts_ssn_gap, self.tc_ssn_gap, dir);
if self.ts_ssn_gap && dir == Direction::ToServer {
for tx in &mut self.transactions {
@ -1047,24 +1033,7 @@ fn evaluate_stub_params(
stub_len
}
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_request_gap(
state: &mut DCERPCState,
_input_len: u32,
) -> AppLayerResult {
state.parse_data_gap(Direction::ToServer)
}
#[no_mangle]
pub extern "C" fn rs_parse_dcerpc_response_gap(
state: &mut DCERPCState,
_input_len: u32,
) -> AppLayerResult {
state.parse_data_gap(Direction::ToClient)
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_parse_request(
unsafe extern "C" fn parse_request(
flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
@ -1088,8 +1057,7 @@ pub unsafe extern "C" fn rs_dcerpc_parse_request(
AppLayerResult::err()
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_parse_response(
unsafe extern "C" fn parse_response(
flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
@ -1111,27 +1079,23 @@ pub unsafe extern "C" fn rs_dcerpc_parse_response(
AppLayerResult::err()
}
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
extern "C" fn state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
let state = DCERPCState::new();
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut _;
}
#[no_mangle]
pub extern "C" fn rs_dcerpc_state_free(state: *mut std::os::raw::c_void) {
extern "C" fn state_free(state: *mut std::os::raw::c_void) {
std::mem::drop(unsafe { Box::from_raw(state as *mut DCERPCState)} );
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) {
unsafe extern "C" fn state_transaction_free(state: *mut std::os::raw::c_void, tx_id: u64) {
let dce_state = cast_pointer!(state, DCERPCState);
SCLogDebug!("freeing tx {}", tx_id);
dce_state.free_tx(tx_id);
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx(
unsafe extern "C" fn get_tx(
vtx: *mut std::os::raw::c_void, tx_id: u64,
) -> *mut std::os::raw::c_void {
let dce_state = cast_pointer!(vtx, DCERPCState);
@ -1141,14 +1105,12 @@ pub unsafe extern "C" fn rs_dcerpc_get_tx(
}
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
unsafe extern "C" fn get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
let dce_state = cast_pointer!(vtx, DCERPCState);
dce_state.tx_id
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8
pub(super) unsafe extern "C" fn get_alstate_progress(tx: *mut std::os::raw::c_void, direction: u8
)-> std::os::raw::c_int {
let tx = cast_pointer!(tx, DCERPCTransaction);
if direction == Direction::ToServer.into() && tx.req_done {
@ -1162,8 +1124,7 @@ pub unsafe extern "C" fn rs_dcerpc_get_alstate_progress(tx: *mut std::os::raw::c
return 0;
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_tx_data(
unsafe extern "C" fn get_tx_data(
tx: *mut std::os::raw::c_void)
-> *mut AppLayerTxData
{
@ -1172,7 +1133,7 @@ pub unsafe extern "C" fn rs_dcerpc_get_tx_data(
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_get_stub_data(
pub unsafe extern "C" fn SCDcerpcGetStubData(
tx: &mut DCERPCTransaction, buf: *mut *const u8, len: *mut u32, endianness: *mut u8, dir: u8,
) {
match dir.into() {
@ -1205,7 +1166,7 @@ fn probe(input: &[u8]) -> (bool, bool) {
}
}
pub unsafe extern "C" fn rs_dcerpc_probe_tcp(_f: *const Flow, direction: u8, input: *const u8,
unsafe extern "C" fn probe_tcp(_f: *const Flow, direction: u8, input: *const u8,
len: u32, rdir: *mut u8) -> AppProto
{
SCLogDebug!("Probing packet for DCERPC");
@ -1233,13 +1194,13 @@ fn register_pattern_probe() -> i8 {
unsafe {
if AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC,
b"|05 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
Direction::ToServer.into(), rs_dcerpc_probe_tcp, 0, 0) < 0 {
Direction::ToServer.into(), probe_tcp, 0, 0) < 0 {
SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
if AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_DCERPC,
b"|05 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
Direction::ToClient.into(), rs_dcerpc_probe_tcp, 0, 0) < 0 {
Direction::ToClient.into(), probe_tcp, 0, 0) < 0 {
SCLogDebug!("TOCLIENT => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
@ -1248,13 +1209,13 @@ fn register_pattern_probe() -> i8 {
0
}
export_state_data_get!(rs_dcerpc_get_state_data, DCERPCState);
export_state_data_get!(get_state_data, DCERPCState);
// Parser name as a C style string.
pub const PARSER_NAME: &[u8] = b"dcerpc\0";
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_register_parser() {
pub unsafe extern "C" fn SCRegisterDcerpcParser() {
let parser = RustParser {
name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
default_port: std::ptr::null(),
@ -1263,24 +1224,24 @@ pub unsafe extern "C" fn rs_dcerpc_register_parser() {
probe_tc: None,
min_depth: 0,
max_depth: 16,
state_new: rs_dcerpc_state_new,
state_free: rs_dcerpc_state_free,
tx_free: rs_dcerpc_state_transaction_free,
parse_ts: rs_dcerpc_parse_request,
parse_tc: rs_dcerpc_parse_response,
get_tx_count: rs_dcerpc_get_tx_cnt,
get_tx: rs_dcerpc_get_tx,
state_new,
state_free,
tx_free: state_transaction_free,
parse_ts: parse_request,
parse_tc: parse_response,
get_tx_count: get_tx_cnt,
get_tx,
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_dcerpc_get_alstate_progress,
tx_get_progress: get_alstate_progress,
get_eventinfo: None,
get_eventinfo_byid : None,
localstorage_new: None,
localstorage_free: None,
get_tx_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCState, DCERPCTransaction>),
get_tx_data: rs_dcerpc_get_tx_data,
get_state_data: rs_dcerpc_get_state_data,
get_tx_data,
get_state_data,
apply_tx_config: None,
flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: Some(DCERPCFrameType::ffi_id_from_name),

51
rust/src/dcerpc/dcerpc_udp.rs
Unescape Escape View File

@ -19,7 +19,7 @@ use crate::core;
use crate::applayer::{self, *};
use crate::dcerpc::dcerpc::{
DCERPCTransaction, DCERPC_MAX_TX, DCERPC_TYPE_REQUEST, DCERPC_TYPE_RESPONSE, PFCL1_FRAG, PFCL1_LASTFRAG,
rs_dcerpc_get_alstate_progress, ALPROTO_DCERPC, PARSER_NAME,
get_alstate_progress, ALPROTO_DCERPC, PARSER_NAME,
};
use crate::direction::{Direction, DIR_BOTH};
use crate::flow::Flow;
@ -234,8 +234,7 @@ impl DCERPCUDPState {
}
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_udp_parse(
unsafe extern "C" fn parse(
_flow: *const Flow, state: *mut std::os::raw::c_void, _pstate: *mut std::os::raw::c_void,
stream_slice: StreamSlice,
_data: *const std::os::raw::c_void,
@ -247,20 +246,17 @@ pub unsafe extern "C" fn rs_dcerpc_udp_parse(
AppLayerResult::err()
}
#[no_mangle]
pub extern "C" fn rs_dcerpc_udp_state_free(state: *mut std::os::raw::c_void) {
extern "C" fn state_free(state: *mut std::os::raw::c_void) {
std::mem::drop(unsafe { Box::from_raw(state as *mut DCERPCUDPState) });
}
#[no_mangle]
pub extern "C" fn rs_dcerpc_udp_state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
extern "C" fn state_new(_orig_state: *mut std::os::raw::c_void, _orig_proto: AppProto) -> *mut std::os::raw::c_void {
let state = DCERPCUDPState::new();
let boxed = Box::new(state);
return Box::into_raw(boxed) as *mut _;
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_udp_state_transaction_free(
unsafe extern "C" fn state_transaction_free(
state: *mut std::os::raw::c_void, tx_id: u64,
) {
let dce_state = cast_pointer!(state, DCERPCUDPState);
@ -268,8 +264,7 @@ pub unsafe extern "C" fn rs_dcerpc_udp_state_transaction_free(
dce_state.free_tx(tx_id);
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_udp_get_tx_data(
unsafe extern "C" fn get_tx_data(
tx: *mut std::os::raw::c_void)
-> *mut AppLayerTxData
{
@ -277,8 +272,7 @@ pub unsafe extern "C" fn rs_dcerpc_udp_get_tx_data(
return &mut tx.tx_data;
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_udp_get_tx(
unsafe extern "C" fn get_tx(
state: *mut std::os::raw::c_void, tx_id: u64,
) -> *mut std::os::raw::c_void {
let dce_state = cast_pointer!(state, DCERPCUDPState);
@ -292,8 +286,7 @@ pub unsafe extern "C" fn rs_dcerpc_udp_get_tx(
}
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_udp_get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
unsafe extern "C" fn get_tx_cnt(vtx: *mut std::os::raw::c_void) -> u64 {
let dce_state = cast_pointer!(vtx, DCERPCUDPState);
dce_state.tx_id
}
@ -315,7 +308,7 @@ fn probe(input: &[u8]) -> (bool, bool) {
}
}
pub unsafe extern "C" fn rs_dcerpc_probe_udp(_f: *const Flow, direction: u8, input: *const u8,
unsafe extern "C" fn probe_udp(_f: *const Flow, direction: u8, input: *const u8,
len: u32, rdir: *mut u8) -> AppProto
{
SCLogDebug!("Probing the packet for DCERPC/UDP");
@ -343,7 +336,7 @@ fn register_pattern_probe() -> i8 {
unsafe {
if AppLayerProtoDetectPMRegisterPatternCSwPP(core::IPPROTO_UDP, ALPROTO_DCERPC,
b"|04 00|\0".as_ptr() as *const std::os::raw::c_char, 2, 0,
Direction::ToServer.into(), rs_dcerpc_probe_udp, 0, 0) < 0 {
Direction::ToServer.into(), probe_udp, 0, 0) < 0 {
SCLogDebug!("TOSERVER => AppLayerProtoDetectPMRegisterPatternCSwPP FAILED");
return -1;
}
@ -351,10 +344,10 @@ fn register_pattern_probe() -> i8 {
0
}
export_state_data_get!(rs_dcerpc_udp_get_state_data, DCERPCUDPState);
export_state_data_get!(get_state_data, DCERPCUDPState);
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() {
pub unsafe extern "C" fn SCRegisterDcerpcUdpParser() {
let parser = RustParser {
name: PARSER_NAME.as_ptr() as *const std::os::raw::c_char,
default_port: std::ptr::null(),
@ -363,24 +356,24 @@ pub unsafe extern "C" fn rs_dcerpc_udp_register_parser() {
probe_tc: None,
min_depth: 0,
max_depth: 16,
state_new: rs_dcerpc_udp_state_new,
state_free: rs_dcerpc_udp_state_free,
tx_free: rs_dcerpc_udp_state_transaction_free,
parse_ts: rs_dcerpc_udp_parse,
parse_tc: rs_dcerpc_udp_parse,
get_tx_count: rs_dcerpc_udp_get_tx_cnt,
get_tx: rs_dcerpc_udp_get_tx,
state_new,
state_free,
tx_free: state_transaction_free,
parse_ts: parse,
parse_tc: parse,
get_tx_count: get_tx_cnt,
get_tx,
tx_comp_st_ts: 1,
tx_comp_st_tc: 1,
tx_get_progress: rs_dcerpc_get_alstate_progress,
tx_get_progress: get_alstate_progress,
get_eventinfo: None,
get_eventinfo_byid: None,
localstorage_new: None,
localstorage_free: None,
get_tx_files: None,
get_tx_iterator: Some(applayer::state_get_tx_iterator::<DCERPCUDPState, DCERPCTransaction>),
get_tx_data: rs_dcerpc_udp_get_tx_data,
get_state_data: rs_dcerpc_udp_get_state_data,
get_tx_data,
get_state_data,
apply_tx_config: None,
flags: 0,
get_frame_id_by_name: None,

12
rust/src/dcerpc/detect.rs
Unescape Escape View File

@ -203,7 +203,7 @@ fn parse_opnum_data(arg: &str) -> Result<DCEOpnumData, ()> {
}
#[no_mangle]
pub extern "C" fn rs_dcerpc_iface_match(
pub extern "C" fn SCDcerpcIfaceMatch(
tx: &DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
) -> u8 {
let first_req_seen = tx.get_first_req_seen();
@ -219,7 +219,7 @@ pub extern "C" fn rs_dcerpc_iface_match(
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_iface_parse(carg: *const c_char) -> *mut c_void {
pub unsafe extern "C" fn SCDcerpcIfaceParse(carg: *const c_char) -> *mut c_void {
if carg.is_null() {
return std::ptr::null_mut();
}
@ -237,14 +237,14 @@ pub unsafe extern "C" fn rs_dcerpc_iface_parse(carg: *const c_char) -> *mut c_vo
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_iface_free(ptr: *mut c_void) {
pub unsafe extern "C" fn SCDcerpcIfaceFree(ptr: *mut c_void) {
if !ptr.is_null() {
std::mem::drop(Box::from_raw(ptr as *mut DCEIfaceData));
}
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_opnum_match(
pub unsafe extern "C" fn SCDcerpcOpnumMatch(
tx: &DCERPCTransaction, opnum_data: &mut DCEOpnumData,
) -> u8 {
let first_req_seen = tx.get_first_req_seen();
@ -266,7 +266,7 @@ pub unsafe extern "C" fn rs_dcerpc_opnum_match(
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_opnum_parse(carg: *const c_char) -> *mut c_void {
pub unsafe extern "C" fn SCDcerpcOpnumParse(carg: *const c_char) -> *mut c_void {
if carg.is_null() {
return std::ptr::null_mut();
}
@ -284,7 +284,7 @@ pub unsafe extern "C" fn rs_dcerpc_opnum_parse(carg: *const c_char) -> *mut c_vo
}
#[no_mangle]
pub unsafe extern "C" fn rs_dcerpc_opnum_free(ptr: *mut c_void) {
pub unsafe extern "C" fn SCDcerpcOpnumFree(ptr: *mut c_void) {
if !ptr.is_null() {
std::mem::drop(Box::from_raw(ptr as *mut DCEOpnumData));
}

4
rust/src/dcerpc/log.rs
Unescape Escape View File

@ -126,14 +126,14 @@ fn log_dcerpc_header_udp(
}
#[no_mangle]
pub extern "C" fn rs_dcerpc_log_json_record_tcp(
pub extern "C" fn SCDcerpcLogJsonRecordTcp(
state: &DCERPCState, tx: &DCERPCTransaction, jsb: &mut JsonBuilder,
) -> bool {
log_dcerpc_header_tcp(jsb, state, tx).is_ok()
}
#[no_mangle]
pub extern "C" fn rs_dcerpc_log_json_record_udp(
pub extern "C" fn SCDcerpcLogJsonRecordUdp(
state: &DCERPCUDPState, tx: &DCERPCTransaction, jsb: &mut JsonBuilder,
) -> bool {
log_dcerpc_header_udp(jsb, state, tx).is_ok()

16
rust/src/dcerpc/parser.rs
Unescape Escape View File

@ -53,7 +53,7 @@ fn assemble_uuid(uuid: Uuid) -> Vec<u8> {
vect
}
pub fn parse_uuid(i: &[u8]) -> IResult<&[u8], Uuid> {
fn parse_uuid(i: &[u8]) -> IResult<&[u8], Uuid> {
let (i, time_low) = take(4_usize)(i)?;
let (i, time_mid) = take(2_usize)(i)?;
let (i, time_hi_and_version) = take(2_usize)(i)?;
@ -71,7 +71,7 @@ pub fn parse_uuid(i: &[u8]) -> IResult<&[u8], Uuid> {
Ok((i, uuid))
}
pub fn parse_dcerpc_udp_header(i: &[u8]) -> IResult<&[u8], DCERPCHdrUdp> {
pub(super) fn parse_dcerpc_udp_header(i: &[u8]) -> IResult<&[u8], DCERPCHdrUdp> {
let (i, rpc_vers) = le_u8(i)?;
let (i, pkt_type) = le_u8(i)?;
let (i, flags1) = le_u8(i)?;
@ -134,7 +134,7 @@ pub fn parse_dcerpc_udp_header(i: &[u8]) -> IResult<&[u8], DCERPCHdrUdp> {
Ok((i, header))
}
pub fn parse_dcerpc_bindack_result(i: &[u8]) -> IResult<&[u8], DCERPCBindAckResult> {
pub(super) fn parse_dcerpc_bindack_result(i: &[u8]) -> IResult<&[u8], DCERPCBindAckResult> {
let (i, ack_result) = le_u16(i)?;
let (i, ack_reason) = le_u16(i)?;
let (i, transfer_syntax) = take(16_usize)(i)?;
@ -148,7 +148,7 @@ pub fn parse_dcerpc_bindack_result(i: &[u8]) -> IResult<&[u8], DCERPCBindAckResu
Ok((i, result))
}
pub fn parse_dcerpc_bindack(i: &[u8]) -> IResult<&[u8], DCERPCBindAck> {
pub(super) fn parse_dcerpc_bindack(i: &[u8]) -> IResult<&[u8], DCERPCBindAck> {
let (i, _max_xmit_frag) = le_u16(i)?;
let (i, _max_recv_frag) = le_u16(i)?;
let (i, _assoc_group) = take(4_usize)(i)?;
@ -167,7 +167,7 @@ pub fn parse_dcerpc_bindack(i: &[u8]) -> IResult<&[u8], DCERPCBindAck> {
Ok((i, result))
}
pub fn parse_bindctx_item(i: &[u8], endianness: Endianness) -> IResult<&[u8], BindCtxItem> {
pub(super) fn parse_bindctx_item(i: &[u8], endianness: Endianness) -> IResult<&[u8], BindCtxItem> {
let (i, ctxid) = u16(endianness)(i)?;
let (i, _num_trans_items) = le_u8(i)?;
let (i, _) = take(1_usize)(i)?; // Reserved bit
@ -192,7 +192,7 @@ pub fn parse_bindctx_item(i: &[u8], endianness: Endianness) -> IResult<&[u8], Bi
Ok((i, result))
}
pub fn parse_dcerpc_bind(i: &[u8]) -> IResult<&[u8], DCERPCBind> {
pub(super) fn parse_dcerpc_bind(i: &[u8]) -> IResult<&[u8], DCERPCBind> {
let (i, _max_xmit_frag) = le_u16(i)?;
let (i, _max_recv_frag) = le_u16(i)?;
let (i, _assoc_group_id) = le_u32(i)?;
@ -205,7 +205,7 @@ pub fn parse_dcerpc_bind(i: &[u8]) -> IResult<&[u8], DCERPCBind> {
Ok((i, result))
}
pub fn parse_dcerpc_header(i: &[u8]) -> IResult<&[u8], DCERPCHdr> {
pub(super) fn parse_dcerpc_header(i: &[u8]) -> IResult<&[u8], DCERPCHdr> {
let (i, rpc_vers) = le_u8(i)?;
let (i, rpc_vers_minor) = le_u8(i)?;
let (i, hdrtype) = le_u8(i)?;
@ -228,7 +228,7 @@ pub fn parse_dcerpc_header(i: &[u8]) -> IResult<&[u8], DCERPCHdr> {
Ok((i, header))
}
pub fn parse_dcerpc_request(i: &[u8], endianness: Endianness) -> IResult<&[u8], DCERPCRequest> {
pub(super) fn parse_dcerpc_request(i: &[u8], endianness: Endianness) -> IResult<&[u8], DCERPCRequest> {
let (i, _pad) = take(4_usize)(i)?;
let (i, ctxid) = u16(endianness)(i)?;
let (i, opnum) = u16(endianness)(i)?;

4
src/app-layer-parser.c
Unescape Escape View File

@ -1730,8 +1730,8 @@ void AppLayerParserRegisterProtocolParsers(void)
RegisterHTPParsers();
RegisterSSLParsers();
rs_dcerpc_register_parser();
rs_dcerpc_udp_register_parser();
SCRegisterDcerpcParser();
SCRegisterDcerpcUdpParser();
RegisterSMBParsers();
RegisterFTPParsers();
RegisterSSHParsers();

6
src/detect-dce-iface.c
Unescape Escape View File

@ -113,7 +113,7 @@ static int DetectDceIfaceMatchRust(DetectEngineThreadCtx *det_ctx,
if (f->alproto == ALPROTO_DCERPC) {
// TODO check if state is NULL
return rs_dcerpc_iface_match(txv, state, (void *)m);
return SCDcerpcIfaceMatch(txv, state, (void *)m);
}
int ret = 0;
@ -147,7 +147,7 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0)
return -1;
void *did = rs_dcerpc_iface_parse(arg);
void *did = SCDcerpcIfaceParse(arg);
if (did == NULL) {
SCLogError("Error parsing dce_iface option in "
"signature");
@ -165,7 +165,7 @@ static void DetectDceIfaceFree(DetectEngineCtx *de_ctx, void *ptr)
{
SCEnter();
if (ptr != NULL) {
rs_dcerpc_iface_free(ptr);
SCDcerpcIfaceFree(ptr);
}
SCReturn;
}

8
src/detect-dce-opnum.c
Unescape Escape View File

@ -103,7 +103,7 @@ static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx,
SCEnter();
if (f->alproto == ALPROTO_DCERPC) {
return rs_dcerpc_opnum_match(txv, (void *)m);
return SCDcerpcOpnumMatch(txv, (void *)m);
}
if (rs_smb_tx_match_dce_opnum(txv, (void *)m) != 1)
@ -114,7 +114,7 @@ static int DetectDceOpnumMatchRust(DetectEngineThreadCtx *det_ctx,
/**
* \brief Creates a SigMatch for the "dce_opnum" keyword being sent as argument,
* and appends it to the rs_dcerpc_opnum_matchSignature(s).
* and appends it to the SCDcerpcOpnumMatchSignature(s).
*
* \param de_ctx Pointer to the detection engine context.
* \param s Pointer to signature for the current Signature being parsed
@ -135,7 +135,7 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, const char
if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0)
return -1;
void *dod = rs_dcerpc_opnum_parse(arg);
void *dod = SCDcerpcOpnumParse(arg);
if (dod == NULL) {
SCLogError("Error parsing dce_opnum option in "
"signature");
@ -154,7 +154,7 @@ static void DetectDceOpnumFree(DetectEngineCtx *de_ctx, void *ptr)
{
SCEnter();
if (ptr != NULL) {
rs_dcerpc_opnum_free(ptr);
SCDcerpcOpnumFree(ptr);
}
SCReturn;
}

2
src/detect-dce-stub-data.c
Unescape Escape View File

@ -96,7 +96,7 @@ static InspectionBuffer *GetDCEData(DetectEngineThreadCtx *det_ctx,
const uint8_t *data = NULL;
uint8_t endianness;
rs_dcerpc_get_stub_data(txv, &data, &data_len, &endianness, flow_flags);
SCDcerpcGetStubData(txv, &data, &data_len, &endianness, flow_flags);
if (data == NULL || data_len == 0)
return NULL;

4
src/output-json-alert.c
Unescape Escape View File

@ -416,11 +416,11 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb,
jb_get_mark(jb, &mark);
jb_open_object(jb, "dcerpc");
if (p->proto == IPPROTO_TCP) {
if (!rs_dcerpc_log_json_record_tcp(state, tx, jb)) {
if (!SCDcerpcLogJsonRecordTcp(state, tx, jb)) {
jb_restore_mark(jb, &mark);
}
} else {
if (!rs_dcerpc_log_json_record_udp(state, tx, jb)) {
if (!SCDcerpcLogJsonRecordUdp(state, tx, jb)) {
jb_restore_mark(jb, &mark);
}
}

4
src/output-json-dcerpc.c
Unescape Escape View File

@ -36,11 +36,11 @@ static int JsonDCERPCLogger(ThreadVars *tv, void *thread_data,
jb_open_object(jb, "dcerpc");
if (p->proto == IPPROTO_TCP) {
if (!rs_dcerpc_log_json_record_tcp(state, tx, jb)) {
if (!SCDcerpcLogJsonRecordTcp(state, tx, jb)) {
goto error;
}
} else {
if (!rs_dcerpc_log_json_record_udp(state, tx, jb)) {
if (!SCDcerpcLogJsonRecordUdp(state, tx, jb)) {
goto error;
}
}

Write Preview
Loading…
Cancel
Save